一步一步学会puppet(四)--master/agent模型

这篇博文主要介绍puppet在实际生产环境下的master/agent模型的使用；

===================================================================

1 原理介绍

   1.1 原理图

   1.2 详细说明

2 配置实例

   2.0 准备

   2.1 master配置

   2.2 agent配置

   2.3 master签署证书

   2.4 agent一次完整的同步案例

===================================================================

1 原理介绍

1.1 原理图

1.2 详细说明

• puppet agent通常运行为一个服务进程，其默认每隔半个小时向master发出一次连接请求；

• puppet agent并不直接访问任何manifest，而是向master请求一个预编译的catalog文件；

• puppet master会为发出请求的agent读取一个名为“site manifest”的特殊manifest文件，并基于此编译一个catalog后发送给agent；

• puppet agent在获取到catalog后应用于本地；

• 因此，基于此种工作架构，仅在master端提供一个或少量几个manifest即可实现管理大量的节点，并能提供更加安全的工作过程；

2 配置实例

2.0 准备

puppet利用主机名识别不同的节点，故需保证master和agent的主机名都可解析，生产环境下使用DNS解析，测试环境使用hosts文件即可；

2.1 master配置

# 安装puppet-server程序包
yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm puppet-server-2.7.25-1.el6.noarch.rpm
# 生成master配置文件：
puppet master --genconfig >> /etc/puppet/puppet.conf
# 启动puppetmaster服务
puppetmasterd -v -d --no-daemonize # 前台测试启动
service puppetmaster start # 正式启动服务
# 服务验证：ss -antupl |grep 8140

2.2 agent配置

# 安装puppet程序包
yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm
# 编辑配置文件
vi /ect/puppet/puppet.conf # 在[agent]段添加server=Puppetmaster_Hostname，如
    server = master.lamp.com
# 启动puppet服务
puppet agent --server mem.lamp.com -v -d --noop --test # 测试启动，不实际应用配置
service puppet start # 正式启动agent服务
chkconfig puppet on # 配置开启启动

2.3 master签署证书

# 手动签发：
puppet cert list # 显示待签发节点的证书请求
puppet cert sign Node_Name # 签署某一agent的请求
puppet cert sign --all # 一次性签署全部请求
# 自动签发：
cat > /ect/puppet/autosign.conf << EOF  *.lamp.com  EOF  # 会对所有来自lamp.com的主机请求都自动签发
# 注：master端的任何修改，都要重新装载puppetmaster服务，即执行如下命令即可
service puppetmaster reload

2.4 agent一次完整的同步案例

[root@nginx1 ~]# puppet agent -v -t
info: Caching catalog for nginx1.lamp.com
info: Applying configuration version ‘1400402077‘
notice: /Stage[main]/Nginx::Package::Redhat/Package[nginx]/ensure: created
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content:
--- /etc/nginx/nginx.conf   2013-04-27 04:36:51.000000000 +0800
+++ /tmp/puppet-file20140518-5216-1feu0op-0 2014-05-18 16:34:51.566999838 +0800
@@ -1,42 +1,31 @@
-# For more information on configuration, see:
-#   * Official English Documentation: http://nginx.org/en/docs/
-#   * Official Russian Documentation: http://nginx.org/ru/docs/
-
-user              nginx;
-worker_processes  1;
+user nginx;
+worker_processes 1;
 error_log  /var/log/nginx/error.log;
-#error_log  /var/log/nginx/error.log  notice;
-#error_log  /var/log/nginx/error.log  info;
-
 pid        /var/run/nginx.pid;
-
 events {
-    worker_connections  1024;
+  worker_connections 1024;
+
 }
-
 http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+  access_log  /var/log/nginx/access.log;
+
+  sendfile    on;
+
+
+
+  keepalive_timeout  65;
+  tcp_nodelay        on;
-    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
-                      ‘$status $body_bytes_sent "$http_referer" ‘
-                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    #keepalive_timeout  0;
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    # Load config files from the /etc/nginx/conf.d directory
-    # The default server is in conf.d/default.conf
-    include /etc/nginx/conf.d/*.conf;
+
+  gzip         on;
+  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+
+  include /etc/nginx/conf.d/*.conf;
 }
info: FileBucket got a duplicate file {md5}d9dfc198c249bb4ac341198a752b9458
info: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum d9dfc198c249bb4ac341198a752b9458
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content: content changed ‘{md5}d9dfc198c249bb4ac341198a752b9458‘ to ‘{md5}df69537f815f9aacfe6dd6a439a7ba06‘
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/conf.d/proxy.conf]/ensure: defined content as ‘{md5}530e67c1708924887565ce91f2c5b9f8‘
info: Class[Nginx::Config]: Scheduling refresh of Class[Nginx::Service]
info: Class[Nginx::Service]: Scheduling refresh of Service[nginx]
info: Class[Nginx::Service]: Scheduling refresh of Exec[rebuild-nginx-vhosts]
notice: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Triggered ‘refresh‘ from 1 events
info: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Scheduling refresh of Service[nginx]
notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed ‘stopped‘ to ‘running‘
notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered ‘refresh‘ from 2 events
notice: Finished catalog run in 5.06 seconds
# 特别注意notice的输出内容，分别完成了nginx程序的安装，配置文件的生成，服务的启动等操作；

本文出自 “小小忍者” 博客，请务必保留此出处http://xxrenzhe.blog.51cto.com/4036116/1413189

一步一步学会puppet(四)--master/agent模型,布布扣,bubuko.com

一步一步学会puppet(四)--master/agent模型

原文：http://xxrenzhe.blog.51cto.com/4036116/1413189